hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-25 00:27:09 +02:00
Code Issues Packages Projects Releases Wiki Activity
71,567 Commits 1,758 Branches 168 Tags
15f92fcda87e52d0373adf6c1933d17ab2d91a9b
Commit Graph

7997 Commits

Author SHA1 Message Date
Raul Garcia
490957ad86 Merge pull request #117 from microsoft/SqlConnFP_fix 
Fixing a false positive in cs/insecure-sql-connection
 2024-10-22 10:03:14 -07:00
Raul Garcia
97bfc5dad7 Update csharp/ql/src/Security Features/CWE-327/InsecureSQLConnectionInitializerGood.cs 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2024-10-22 09:20:19 -07:00
Raul Garcia
8b9139f18b Update csharp/ql/src/Security Features/CWE-327/InsecureSQLConnectionInitializerBad.cs 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2024-10-22 09:20:12 -07:00
Raul Garcia
0662013ef5 Update csharp/ql/src/Security Features/CWE-327/InsecureSQLConnection.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2024-10-22 09:20:01 -07:00
Dilan
7ad49cf3ff Merge tag 'codeql-cli/latest' 
Compatible with the latest released version of the CodeQL CLI
 2024-10-21 17:59:16 +00:00
github-actions[bot]
ca0345324e Release preparation for version 2.19.2 2024-10-18 15:16:21 +00:00
Arthur Baars
eb515f884b Revert "Release preparation for version 2.19.2" 2024-10-18 17:06:20 +02:00
github-actions[bot]
255f55cf1a Release preparation for version 2.19.2 2024-10-15 10:29:25 +00:00
REDMOND\brodes
e0ee60f3dd Updated expected file. 2024-10-10 13:31:53 -04:00
Tom Hvitved
4df9cd88ef Merge pull request #17658 from hvitved/shared/cfg-conditional-splitting 
Shared `ConditionalCompletionSplitting` implementation
 2024-10-10 13:21:38 +02:00
Raul Garcia
c1f7422f0e Fixing test cases 2024-10-09 16:53:33 -07:00
Raul Garcia
a179fa021f Fixing Test cases 2024-10-09 14:44:48 -07:00
REDMOND\brodes
b95b275136 qlref's were incorrect. 2024-10-09 13:55:28 -04:00
Michael Nebel
5d4ceeebb5 Shared: Only generate df summary model in the mixed query in case no context sensitive model exist. 2024-10-09 13:04:32 +02:00
Tom Hvitved
5d925d36d3 C#: Adopt shared ConditionalCompletionSplitting implementation 2024-10-09 11:02:15 +02:00
Dilan
878bd5b098 Merge tag 'codeql-cli/latest' 
Compatible with the latest released version of the CodeQL CLI
 2024-10-04 20:59:08 +00:00
Raul Garcia
64aca2632b Fixing a false positive in cs/insecure-sql-connection, and adding a new query to remediate a false negative 2024-10-03 18:37:33 -07:00
github-actions[bot]
fe54961b84 Release preparation for version 2.19.1 2024-10-02 18:30:42 +00:00
Chad Bentz
2458d16426 Clarify threat model flow sources comment in LogForgingQuery.qll 2024-10-01 23:04:22 -04:00
Angela P Wen
e8dd6a88e7 Revert "Release preparation for version 2.19.1" 2024-10-01 10:19:28 -07:00
Anders Schack-Mulligen
6081ba5902 Merge pull request #17604 from aschackmull/java/neutral-overrides 
Java/C#: Add overrides to the interpretation of neutral MaD models.
 2024-10-01 14:55:54 +02:00
Mathias Vorreiter Pedersen
758196ed8d C#: Accept test changes. 2024-10-01 12:40:49 +01:00
Mathias Vorreiter Pedersen
89bdcfb53d C#: Allow 'StartsWith' and 'EndsWith' to be barriers when the path is normalized. 2024-10-01 12:34:40 +01:00
Mathias Vorreiter Pedersen
9457e5305e C#: Add a flow state to represent whether the path is normalized. 2024-10-01 12:33:04 +01:00
Mathias Vorreiter Pedersen
864bde242f C#: Add a FP testcase. 2024-10-01 12:26:58 +01:00
github-actions[bot]
e97878ed63 Post-release preparation for codeql-cli-2.19.1 2024-09-30 19:49:00 +00:00
github-actions[bot]
455c8c5953 Release preparation for version 2.19.1 2024-09-30 17:59:48 +00:00
Anders Schack-Mulligen
5c4b4d644a C#: Accept test changes. 2024-09-30 16:27:50 +02:00
Anders Schack-Mulligen
a8f55d93cb C#: Add overrides to the interpretation of neutral MaD models. 2024-09-30 15:23:27 +02:00
Tamas Vajk
29948e4c0b C#: reduce extraction message severity for missing text files 2024-09-30 12:31:07 +02:00
Michael Nebel
6f74387600 Merge pull request #17521 from michaelnebel/modelgen/moreimprovements 
C#/Java: Content based model generation improvements.
 2024-09-30 11:22:30 +02:00
Michael Nebel
0b39c5b982 C#/Java: Update model generator expected output. 2024-09-27 09:22:29 +02:00
Michael Nebel
80497f551e Shared: Only make unlifted models in case the API itself is relevant. 2024-09-27 09:22:25 +02:00
Michael Nebel
3d1a403655 C#: Add example of content based summary on private method. 2024-09-27 09:22:20 +02:00
Michael Nebel
8310faa2e9 C#/Java: Add a query that uses both content based and non-content based model generation. 2024-09-27 09:22:11 +02:00
Tom Hvitved
7c473c38c0 Merge pull request #17585 from hvitved/shared/cfg-scope-no-first-consistency 
Shared: Add CFG consistency check for scopes with missing entry points
 2024-09-26 14:05:08 +02:00
Rasmus Wriedt Larsen
381ea93ec3 Merge pull request #17424 from RasmusWL/active-threat-model-source 
Go/Java/C#: Rename `ThreatModelFlowSource` to `ActiveThreatModelSource`
 2024-09-26 13:08:17 +02:00
Michael Nebel
a128383760 C#/Java: Add some dfc-generated test cases. 2024-09-26 13:01:01 +02:00
Michael Nebel
9a923d62ad C#/Java: Updated expected test output. 2024-09-26 13:00:52 +02:00
Michael Nebel
0cd4ccb790 C#/Java: Update model generator expected test output. 2024-09-26 12:49:18 +02:00
Michael Nebel
aae8660acc C#/Java: Add some examples of missing synthetic field element flow. 2024-09-26 12:00:29 +02:00
Michael Nebel
58513cadbf C#/Java: Add model generator test examples. 2024-09-26 12:00:25 +02:00
Michael Nebel
dd993c3900 Merge pull request #17509 from michaelnebel/modelgen/parammodule 
C#/Java: Re-factor the model generator to be a parameterized module.
 2024-09-26 10:57:16 +02:00
Michael Nebel
297d32180c Merge pull request #17582 from michaelnebel/csharp/attributecollectionsinks 
C#: `AttributeCollection` is no longer considered a HTML sink.
 2024-09-26 09:17:31 +02:00
Michael Nebel
1dcc6ac2b1 C#: Address review comments. 2024-09-25 17:06:19 +02:00
Tom Hvitved
1bd504bf61 C#: Restrict CfgScope 2024-09-25 16:43:15 +02:00
Michael Nebel
af80797eda C#: Add change note. 2024-09-25 14:13:06 +02:00
Michael Nebel
e89a47f2f5 C#: Update XSS expected test output. 2024-09-25 14:13:03 +02:00
Michael Nebel
d00e27916d C#: No longer consider attribute collections as HTML sinks. 2024-09-25 14:12:59 +02:00
Michael Nebel
28c48fb471 C#: Add Xss attribute collection test example and update expected output. 2024-09-25 14:12:55 +02:00